Wednesday, March 6, 2019

NUCLEAR WEAPONS AND CYBER ATTACKS: "The only winning strategy is not to play."

Several weeks ago, I wrote a post about the nature of risk stemming from nuclear weapons. In that post, I focused on the singular and calamitous nature of that aggregate risk, and encourage people to avoid getting distracted by trying to pin down the precise probabilities associated with particular "what-ifs" (e.g. accident vs. superpower conflict vs. act of terrorism vs. . . . . ).

I have come to wonder, however, if there isn't one particular "what-if" that we should all study in more detail: cyberwar. As I learn more and more about cybersecurity (and cyberwar), it becomes
apparent that no one is immune from hacking. You can try to minimize it,
but you can't make yourself 100% immune. That means the only rational
strategy is to minimize the danger of the thing that is vulnerable to
hacking.

My hypothesis is that hacking poses such an enormous threat to the ability of the US military to maintain control over US nuclear weapons that very soon responsible military officers will begin to advise the US government that getting rid of these weapons is the only safe option. If this hypothesis is correct, I further hypothesize that there is a role for US citizens to play in counseling their representatives in Congress to be alert to these warnings and act accordingly.

The idea that the US military is relying more and more on autonomous weapons is not new to me. (See, for instance, my work on the No Drones Network.) Nor is the idea that humans are losing control to the machines. (See "Drone to Human: Leave the Thinking to Me") What does seem new is that Artificial Intelligence (AI) is entering the mainstream, and so is discussion of cyberwar as a major facet of armed conflict. This leads me to believe that this is a concern that every member of Congress will feel the need to be alert to.

As far back as 1983, the popular film WarGames painted a picture of what might happen if hackers successfully infiltrated nuclear weapons systems. In that fictional treatment, a super-intelligent computer played a game-turned-confrontation entitled "global thermonuclear war" -- and ultimately provided the counsel, "The only winning strategy is not to play." Will we be lucky enough to heed this advice in real life?

RESOURCES on nuclear weapons and cybersecurity

Recent articles

"Defense industry grapples with cybersecurity flaws in new weapons systems," by Aaron Gregg, Washington Post, October 14, 2018. This article reports on a full GAO report listed under Other related reports and documents below. "The threat is pervasive and dynamic — it isn’t going away and will never be fully defeated." What does this mean for nuclear weapons, in which even a single successful hack could result in millions of deaths?

"Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences.," by Beyza Unal and Patricia Lewis at Chatham House, January 2018. "It is unlikely that nuclear weapons possessing governments will be forthcoming in public or with
each other on the cyber vulnerabilities of nuclear weapons systems. . . . [I]t is vital that academics, thinktanks
and NGOs press for information and reassurances from governments that such issues are
being addressed, and that those governments are holding open discussions with the public,
including the media and parliamentarians. After all, it is the public that will pay the ultimate price
for complacency regarding cybersecurity of nuclear weapons systems."